← Back

Eidas Node Integration Package

eidas-node_integration_package

Vendor: Europa • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-18633
1Europa
1Eidas Node Integration Package
Nov 21, 2024
Oct 30, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
CVE-2019-18632
1Europa
1Eidas Node Integration Package
Nov 21, 2024
Oct 30, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.